Tuesday, April 13, 2010

NIST Issues Privacy Guidance

Guidance on how organizations should protect the confidentiality of personal identifiable information has been issued by the National Institute of Standards and Technology.

According to NIST, Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information provides practical, context-based guidelines for identifying PII and determining what level of protection is appropriate for each instance of PII.

The guidance defines PII confidentiality impact levels - low, moderate or high - which indicate the potential harm that could result to individuals and/or the organization if PII were inappropriately accessed, used or disclosed.

The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. -------------------------------------------Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf